System and method for transferring data in high latency firewalled networks

ABSTRACT

A system and method are provided for establishing multiple parallel connections between a client and a server on a single server port. Data may be transferred on the multiple parallel connections between the server and the client through an opening in a network firewall that corresponds to the single server port. A control process may accept N connection requests from a client then transfer each accepted connection to a relay process that manages that connection. Each relay process may relay data between the server and the client via the single server port. A single collective data transfer may be executed on the N parallel connections, thereby increasing throughput and data transfer rates. If the data transfer rate is primarily limited by network latency, using N parallel connections provides the advantage of increasing the data transfer rate by approximately a factor of N.

FIELD OF THE INVENTION

The invention generally relates to systems and methods of increasing data transfer rates in high-latency networks with firewalls.

BACKGROUND OF THE INVENTION

Users of networked computer systems desire to transfer data reliably and efficiently to and from other networked computer systems. The Transfer Control Protocol/Internet Protocol (TCP/IP) provides the ability to send and receive data to and from various TCP/IP networked computer systems. File transfer protocol (FTP) is one example of a service that runs on a TCP/IP networked computer system. FTP enables large amounts of data to be transferred from a client side to a server side, or vice versa.

Services such as FTP typically initiate communication on a reserved communication port on the server. The reserved communication port is sometimes referred to as a “well-known port.” For example, a user of a client machine may request a connection to an FTP server on the well-known port to transmit/receive data to/from the FTP server. The FTP server may respond by establishing a unique connection between the client and the FTP server. A unique connection is determined by an IP address of the client, an IP address of the server, and the port on the server being accessed.

Firewalls are used to secure their hosts by screening data transfers between their hosts and their user community. Conventional firewalls are typically programmed to restrict inbound traffic for a particular set of users and/or a particular set of hosts and/or ports. Firewalls decide to pass data based on the type of protocol used for the data transfer, the destination IP address, and/or source IP address.

Most firewalls are programmed to pass data on any connection to a well-known port on a server. For example, if a server has a well-known port for an FTP service, a firewall typically passes or otherwise permits data transfers to and from the well-known FTP port. Some services use a single connection to transfer all the data to/from the server. For large transfers of data occurring on a single connection, throughput is limited to that of a single connection.

“Latency” refers to the amount of time it takes a block of data to get from one designated point to another in a network. Conventional systems have attempted to address a problem of slow data transfer in high latency firewalled networks by establishing multiple connections between the client and the server. Some conventional systems establish these multiple connections by allocating ports on a server dynamically. This process typically involves establishing multiple connections between the client and the server, in real time, by assigning each communication channel a new server port. A firewall in the network typically permits the connections to be established provided the firewall is aware of the protocol being used. For example, the firewall may inspect the protocol information associated with a data transfer in order to determine what new ports should be allocated. Thus, the firewall must be able to recognize the protocol information in order to assign the communication channel a port on the server.

Using dynamic port allocation, the firewall opens a corresponding communication port in the firewall not otherwise left open for each of the unique connections established between the client and the server. For example, a client may request a large transfer of data from a server, and the client and the server may negotiate to execute the transfer on three parallel connections between the client and the server. As a result, the firewall would open three corresponding communication ports in the firewall for passing the data channeled on each connection and close them once the transfer is complete.

Dynamic port allocation is problematic because it leaves the firewall exposed to security risks at three corresponding communication ports. Because the firewall decides to open three corresponding ports to pass data, the part of the network being protected by the firewall is more vulnerable than when the data transfer is being executed on a single connection.

Because some firewalls use dynamic port allocation to regulate data traffic, the manufacturers of firewalls need to be “aware” of the protocols being used to transfer data through the firewall. More specifically, conventional firewalls must be able to recognize and understand protocol information as it passes through the firewall in order to determine what new ports should be allocated. This results in compatibility problems with installed, or otherwise existing, firewalls when new protocols are created.

These and other drawbacks exist.

SUMMARY OF THE INVENTION

The invention generally relates to a system and method of decreasing latency and increasing data transfer rates in a network including a firewall.

According to one aspect of the invention, multiple parallel connections may be established between a client and a server using a single server port reserved for communication with a client. Data may be transferred on the multiple parallel connections between an operating system client process and an operating system server process, for example.

According to another aspect of the invention, the multiple parallel connections may all be established at the server on a communication port that is typically open through the firewall including, for example, a well-known port (i.e. a port to which the firewall typically permits access). This arrangement may be advantageous, because it enables data transferred on each of the multiple parallel connections to pass through the corresponding opening in the firewall. Because multiple connections may be passed through a single corresponding opening in the firewall, the problems associated with overexposing the protected network at multiple open ports in the firewall may be avoided. Additionally, because the multiple connections may be established on the same communication port at the server, the firewall need not allocate new ports on the server for the data transfer.

According to another aspect of the invention, N parallel connections between a communication port at a server and a client may be established. The communication port may be a well-known port or a port reserved for communication with the client. A single collective data transfer may be executed on the N parallel connections, thereby increasing throughput and data transfer rates. If the data transfer rate is primarily limited by network latency, using N parallel connections provides the advantage of increasing the data transfer rate by approximately a factor of N. The number of connections (N) may be determined by the client, by the server, or may be negotiated between the client and the server.

According to another aspect of the invention, the N connections may be accepted by a data traffic manager at the server. Typically, a firewall allows any number of connections to be initiated between a client and a server. However, a single process on the server typically receives connections on a given port at the server at any given time. In various embodiments, a single process on the server side may “listen” for connection requests from the client on a communication port, including a well-known port at the server. Once a connection is accepted by this process, the connection may be transferred or “handed off” to another, typically a new process on the server side. In the meantime, the single process on the server side continues to listen for new connection requests. This new server process that receives the connection on the communication port may be a “child” process created by the single process. Thus, a connection between the client and the communication port at the server may remain active, while other connections between the client and the single process on the server side on the communication port are being initiated.

According to another aspect of the invention, the data traffic manager may include a control process. The control process may listen on a communication port for connection requests from the client. Once a connection is established, the control process may transfer the connection to another server process that maintains and/or manages the active connection between the client and the communication port at the server. The control process may continue to listen on the communication port for another connection request from the client. The invention may repeat these operations N times to establish N parallel connections between the client and the communication port at the server. Accordingly, the firewall passes any data channeled on these parallel connections, because the firewall “sees” N connections to the server on the same communication port.

According to another aspect of the invention, the control process may accept N parallel connections to the client on the communication port, which may include a well-known port at the server. Because more than one connection may be accepted by the control process at a given time, the control process need not transfer a connection to the client to another server process before listening on the communication port for other connection requests.

According to another embodiment, the control process may maintain and/or manage the N connections to the client on the communication port, without transferring each connection to a new process on the server side. For example, the control process may accept N connections from the client on the communication port at the server. The control process may then establish N local connections to a specified server process, to which the client has requested access. The control process may relay data between the specified server process and the client via the communication port on the server.

According to another aspect of the invention, a data traffic manager, which may include a control process, may manage connections to the server and the server processes. A client may contact the control process of the data traffic manager and request N connections to a server or specified server process. The control process may contact an existing server process, or create a new server process. The control process may inform the server process that the client is requesting N connections to the server process. In response to the control process, the server process may transmit a list of N available server ports on which the client can initiate connections to the server.

According to another aspect of the invention, once the client has received a list of N available ports from the specified server process, the client may contact the control process, which is listening at the server on the communication port, to request a first connection to a selected first one of the available ports. The control process may then accept the first connection to the client on the communication port at the server. Once the first connection is accepted, a first relay process may be created by the control process. The control process may then transfer the first connection between the client and the control process on the communication port to the first relay process. The first relay process may be a “child” process of the control process, and the connection may be transferred by inheritance, for example. The first relay process may manage the active first connection, and the control process may then begin listening or continue listening on the communication port for other connection requests from the client.

According to another aspect of the invention, the first relay process may be an operating system process running at the server. The first relay process may establish a new local connection to the selected first one of the available ports at the server in order to relay data to and from the specified server process. Once this connection is established, the first relay process is connected to 1) the client via the communication port at the server and 2) the specified server process on the selected first one of the available ports. The first relay process may relay data between the selected first one of the available ports at the specified server process and the client via the communication port at the server.

According to another aspect of the invention, the client may contact the control process, which is listening on the communication port at the server, to request a second connection to the specified server process on a selected second one of the available ports. The control process may then accept the second connection to the client on the communication port at the server. Once the second connection is accepted, a second relay process may be created by the control process. The control process may transfer the second connection between the client and the control process to the second relay process. The second relay process may be a “child” process of the control process, and the connection may be transferred by inheritance, for example. The second relay process may manage the active second connection, and the control process may then begin listening or continue listening on the communication port for other connection requests from the client.

According to another aspect of the invention, the second relay process may be an operating system process running at the server. The second relay process may establish a new local connection to the selected second one of the available ports at the server in order to relay data to and from the specified server process. Once this connection is established, the second relay process is connected to 1) the client via the communication port at the server and 2) the specified server process on the selected second one of the available ports. The second relay process may relay data between the selected second one of the available ports at the specified server process and the client via the communication port at the server.

According to another aspect of the invention, the control process may continue to listen for other connection requests from the client. The control process may ultimately accept N parallel connections and create N relay processes. A single collective data transfer may be executed on the N connections in parallel, thereby increasing throughput and data transfer rates.

According to another aspect of the invention, the relay processes may be created to pass data to or from a specified server process to which the client has requested access. These relay processes may be newly created “child” processes of the control process that accepted the connection to the client on the communication port at the server. The relay processes provide the advantage of “freeing” the control process from the burden of continuously passing data between the communication port and the specified server process on the N parallel connections.

According to another aspect of the invention, the relay processes maintain N active parallel connections on the communication port at the server. Thus, the specified server process may pass the data to the N relay processes, which subsequently pass the data to the client on the N active parallel connections via the communication port at the server. The firewall may pass the data transferred on the active N parallel connections, because the connections all originate on the same communication port at the server. Because all the connections originate on the communication port at the server, the firewall does not need to allocate ports dynamically; therefore, N multiple parallel connections may be established without the firewall having any knowledge of the underlying protocols. Accordingly, the firewalls that may be used with the invention are not required to recognize the protocols used to transfer data between a client and a server.

According to another aspect of the invention, each one of the N local ports on the specified server process may transmit data on N parallel connections to a corresponding local port on each of the N relay processes; and the N relay processes may relay the data to the client via the communication port at the server.

According to another aspect of the invention, each of the N relay processes may receive data on each of the N parallel connections from the client via the communication port at the server. The N relay processes may relay the data from the N local ports on the relay processes to the N local ports on the specified server process.

According to another aspect of the invention, if the data transfer rate is primarily limited by network latency, using N parallel connections provides the advantage of transferring data at a rate approaching N times faster than if the client and the specified server process had established a single connection for the data transfer. A single collective data transfer may be executed on the N connections in parallel, thereby increasing throughput and data transfer rates. This may be especially advantageous in larger data transfers. In some embodiments of the invention, the data may be split into smaller chunks and passed over the N parallel connections.

According to another aspect of the invention, the data traffic manager may be used with any type of existing or subsequently developed protocol for transferring data. Unlike dynamic port allocation, the invention may use the same communication port to initiate all N connections; therefore the firewall need not be aware of the protocol being used to transfer the data. As a result, new protocols may be created and used with existing firewalls that would not otherwise operate with newer protocols.

It is to be understood that the invention is not limited to data transfers occurring in a specific network direction (i.e. client to server, server to client, etc.), but encompasses any data transfer in a network including a firewall.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. In the drawings:

FIG. 1 is a schematic diagram of a system for increasing data transfer rates according to various embodiments of the invention.

FIG. 2 illustrates a process for establishing multiple parallel connections between a client and a server according to various embodiments of the invention.

FIG. 3 illustrates a system for increasing data transfer rates including relationships between local ports at the server according to various embodiments of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The invention generally relates to a system and method that compensates for latency and increases data transfer rates in a network that includes a firewall. FIG. 1 is a schematic diagram of a system for increasing data transfer rates according to one embodiment of the invention. For purposes of illustration, the data transfer has been depicted to occur in the server-to-client direction. However, it is to be understood that the invention is not limited to data transfers occurring in a particular network direction (i.e. client to server, server to client, etc.), but may encompass various data transfers in networks including a firewall. While described below as a well-known port at the server, the following description applies generally to all communication ports in a network.

According to the various embodiments of the invention, multiple parallel connections may be established between client 102 and server 101 using a single server communication port 105, which may be a well-known port that is accessible through firewall 104.

The source and the target of the data transfer may also include an operating system client process 115 and an operating system server process 114. Firewall 104 may be a conventional firewall that includes various “rules” for determining whether to pass data through the firewall or provide access to various addresses. These rules may include, for example, instructions to firewall 104 to pass certain data being transferred to/from certain ports on server 101. In the embodiment depicted in FIG. 1, rule A 109 instructs firewall 104 to pass data transferred between client 102 and server 101 via server port A 105.

The multiple parallel connections may all be established at server 101 on server port A 105. This arrangement may be advantageous, because it enables data transferred on each of the multiple parallel connections to pass through opening 109 in firewall 104 which corresponds to server port A 105. Because these multiple connections may be passed through a single corresponding opening 109 in firewall 104, the configuration of firewall 104 is simplified and network security is increased.

First relay process 106 and second relay process 107 through Nth relay process 108 each manage an active connection with client 102 at server 101 on server port A 105. The relay processes manage data transmitted/received between server process 114 and client 102. Each of the multiple parallel connections may include a local server connection from server process 114 to a relay process (106-108) and a connection from a client process 115 to a relay process. For example, second relay process 107 manages data transferred between server process 114 on server port A 105 and client process 115 on client port Y 111.

A single process on the server typically receives connections on a given port at the server at any given time. In other words, one process (e.g. control process 103) on server 101 may “listen” for connection requests from client 102 on a well-known port at server 101. Additionally, nearly all firewalls allow more than one connection between a client and a given port at a server to remain active. Thus, a connection between client 102 and control process 103 on server port A 105 at server 101 may remain active, while other connections between client 102 and control process 103 on server port A 105 are being initiated. Once a connection is initiated, control process 103 may create a new “child” process and “hand off” or transfer the connection to the newly created child process.

Because conventional operating systems typically allow a single process on the server to “listen” for a connection request at any given time, some embodiments of the invention repeat the following operations N times to generate N parallel connections between client 102 and a specified server process (e.g. 114) at server 101 on well-known port 105: (1) establish a connection between client 102 and control process 103, which is listening on well-known port 105 at server 101; (2) create a relay process (e.g. 106, 107, and 108) that may be a child process of control process 103; (3) transfer the connection between client 102 and control process 103 on well-known port 105 at server 101 to a relay process; and (4) connect the relay process to specified server process 114 to which client 102 requested a connection on an available server port.

In some embodiments, data traffic manager 113 may accept the N connections between client 102 and server 101. Data traffic manager 113 may include control process 103 and relay processes 106-108. Control process 103 may listen on well-known port 105 at server 101 for connection requests from client 102. Once a connection is established, control process 103 may transfer the connection to another server process (e.g. one of relay processes 106-108) that manages the active connection between client 102 and well-known port 105. Relay processes 106-108 may be child processes of control process 103. Control process 103 may continue to listen on well-known port 105 for another connection request. Control process 103 may repeat these operations N times to generate N parallel connections between client 102 and well-known port 105 at server 101. Accordingly, firewall 104 passes any data channeled on these parallel connections, because firewall 104 “sees” N connections to server 101 on well-known port 105. In a network where latency is the primary factor limiting the data transfer rate, using N parallel connections provides the advantage of increasing the data transfer rate by a factor approaching N.

One advantage of the invention is that the data traffic manager 113 may be used with any type of existing or subsequently developed protocol for transferring data. Unlike dynamic port allocation, various embodiments of the invention may use the same communication port to initiate all N connections; therefore firewall 104 need not be aware of the protocol being used to transfer the data. As a result, new protocols may be created and used with existing firewalls that would not otherwise operate with newer protocols. These protocols can be implemented using various software programs located at the client and the server without need to reconfigure the firewall deployed there between.

FIG. 2 illustrates a process for establishing multiple parallel connections between client 102 and server 101 via well-known port 105 according to one embodiment of the invention. In an operation 201, client 102 contacts control process 103, which is listening at server 101 on well-known port 105. Client 102 may ask control process 103 for a connection to an existing or non-existing server process 114. The number of connections (i.e. N) to be established may be determined by client 102 or server 101. The number of connections may also be established by negotiations between the client and the server.

In an operation 202, control process 103 may contact an existing server process 114, or create a new server process, in response to the request from client 102. Control process 103 may inform server process 114 that client 102 is requesting N connections to server process 114.

In an operation 203, server process 114 may transmit a list of N available server ports on which client 102 can initiate connections to server process 114, in response to control process 103. The N available server ports may be ports on server 101.

In an operation 204, once client 102 has received a list of N available ports from server process 114, client 102 may contact control process 103 to request a first connection to a selected first one of the N available server ports. Control process 103 may then accept the first connection to client 102 on well-known port 105 at server 101.

In an operation 205, once the first connection is accepted, first relay process 106 may be created by control process 103. First relay process 106 may be a child of control process 103. In this manner, control process 103 may then transfer the first connection between client 102 and control process 103 to first relay process 106. This connection may be transferred, for example, by inheritance. First relay process 106 then establishes a connection to server process 114 on a selected first one of the N available server ports. First relay process 106 manages the first connection and relays data between the selected first one of the available server ports and client 102. First relay process 106 provides the advantage of “freeing” control process 103 from having to continuously pass data between the first one of the available server ports on the server process 114 and client 102 via well-known port 105. Control process 103 may then continue listening on well-known port 105 for other connection requests from client 102.

In an operation 206, client 102 may contact control process 103, which is listening on well-known port 105 at server 101, to request a second connection to server process 114 on a selected second one of the available ports. Control process 103 may then accept the second connection to client 102 on well-known port 105 at server 101.

In an operation 207, once the second connection is accepted, second relay process 107 may be created by control process 103. Second relay process 107 may also be a child of control process 103. In this manner, control process 103 may transfer the second connection between client 102 and control process 103 to second relay process 107. Second relay process 107 then establishes a connection to server process 114 on a selected second one of the N available server ports. Second relay process 107 manages the active second connection on well-known port 105 and relays data between the selected second one of the available server ports and client 102. Second relay process 107 provides the advantage of “freeing” control process 103 from having to continuously pass data between the second one of the available server ports on server process 114 and client 102 via well-known port 105. Control process 103 may then continue listening on well-known port 105 for other connection requests from client 102.

In operations 208 and 209, N-2 connections are established between client 102 and server process 114 at server 101 on well-known port 105 in a similar manner that the first and second connections were established in operations 204-207.

In operations 210 and 211, client 102 transmits/receives data through firewall 104 on N multiple parallel connections to/from well-known port 105 at server 101. Similarly, server process 114 transmits/receives data on well-known port 105 at server 101. Data received at well-known port 105 is relayed to the corresponding selected available ports; and data transmitted from the corresponding selected available ports is relayed on well-known port 105 at server 101 to client 102.
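An added sketch of operations 204-211 (not code from the patent): a control process accepts every connection on one listening port and hands each to a forked relay, which inherits the socket and connects to one of the server process's local ports. The one-line port request, the OK/DENIED replies and the check against the issued port list are assumptions of this example; all sockets are on loopback with OS-chosen ports.

```python
import os
import select
import signal
import socket

HOST = "127.0.0.1"  # constructed demo: everything stays on loopback

def listen_on():  # listening TCP socket on a free port chosen by the OS
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, 0))
    s.listen(16)
    return s

def read_line(sock):  # one newline-terminated line, byte by byte (no read-ahead)
    buf = b""
    while not buf.endswith(b"\n") and (byte := sock.recv(1)):
        buf += byte
    return buf.strip()

def spawn(fn, *args):
    """Fork a child that runs fn(*args); it inherits every open socket."""
    pid = os.fork()
    if pid == 0:
        try:
            fn(*args)
        finally:
            os._exit(0)
    return pid

def server_process(listeners):
    """Stand-in for server process 114: answers on each of its N local ports."""
    while True:
        for lsock in select.select(listeners, [], [])[0]:
            conn, _ = lsock.accept()
            data = conn.recv(4096)
            conn.sendall(b"%d:%s" % (lsock.getsockname()[1], data))
            conn.close()

def relay(client, port):
    """Relay process: shuttles bytes between the client and one local port."""
    backend = socket.create_connection((HOST, port))
    client.sendall(b"OK\n")
    peers = {client: backend, backend: client}
    while True:
        for sock in select.select(list(peers), [], [])[0]:
            data = sock.recv(4096)
            if not data:
                return  # one side closed; process exit closes both sockets
            peers[sock].sendall(data)

def control_process(listener, issued_ports):
    """Control process 103: accept on the single port, hand off, keep listening."""
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)  # kernel reaps finished relays
    while True:
        conn, _ = listener.accept()
        conn.settimeout(2)  # a silent client must not stall the accept loop
        try:
            port = int(read_line(conn))
            conn.settimeout(None)
            if port in issued_ports:  # only ports from the issued list (assumed check)
                spawn(relay, conn, port)  # child inherits the connection
            else:
                conn.sendall(b"DENIED\n")
        except (ValueError, OSError):
            pass  # malformed request, timeout, or client already gone
        finally:
            conn.close()  # control drops its copy of the socket

def open_channel(control_port, target_port):
    """Client side: connect to the single port and name the local port wanted."""
    s = socket.create_connection((HOST, control_port), timeout=5)
    s.sendall(b"%d\n" % target_port)
    return s, read_line(s)

def demo(n=3):  # runs the exchange with N relays; returns what the client saw
    backends = [listen_on() for _ in range(n)]
    ports = [b.getsockname()[1] for b in backends]
    listener = listen_on()
    control_port = listener.getsockname()[1]
    kids = [spawn(server_process, backends), spawn(control_process, listener, set(ports))]
    try:
        chans = [open_channel(control_port, p) for p in ports]
        one_port = {s.getpeername()[1] for s, _ in chans} == {control_port}
        client_ports = len({s.getsockname()[1] for s, _ in chans})
        for i, (s, _) in enumerate(chans):  # send on all N before reading a reply
            s.sendall(b"chunk-%d" % i)
        return {
            "ports": ports, "statuses": [status for _, status in chans],
            "single_server_port": one_port, "client_ports": client_ports,
            "replies": [s.recv(4096) for s, _ in chans],
            "refused": open_channel(control_port, 1)[1],  # port 1 was never issued
        }
    finally:
        for pid in kids:
            os.kill(pid, signal.SIGKILL)
            os.waitpid(pid, 0)

if __name__ == "__main__":
    print(demo())
```

Because the firewall sees only connections to the one port, any restriction on which local ports are reachable has to be enforced in the control process, as the `issued_ports` check does here.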

FIG. 3 illustrates a system for increasing data transfer rates including relationships between local ports at the server according to various embodiments of the invention. The relay processes 106, 107, and 310 are created to transfer data to and from a server process 114 to which the client 102 has requested access, as described above. In this example, relay processes 106, 107, and 310 maintain three active parallel connections on the well-known port 105 at server 101. As would be apparent, any number of relay processes may be used to manage the active parallel connections. Thus, server process 114 may pass the data to the three relay processes 106, 107, and 310, which subsequently pass the data to client 102 on the three active parallel connections via well-known port 105 at server 101.

Server process 114, control process 103, and relay processes 106, 107, and 310 may be operating system processes running at server 101, as would be apparent. Similarly, client process 115 may be an operating system process running at client 102, as would also be apparent.

As described above, the relay processes 106, 107, and 310 receive active connections from control process 103. In response to receiving an active connection to client 102 on well-known port 105 at server 101, relay processes 106, 107, and 310 may establish new local connections to the selected ones of the available ports 312-314 at server 101 in order to relay data to/from server process 114.

For example, first relay process 106 may manage an active connection to client port X 110 via server port A 105. First relay process 106 may initiate a local connection between server port B 312 on server process 114 and server port E 307. First relay process 106 may then relay data between client 102 and server 101 via server port A 105, which in some embodiments is a well-known port. Once this connection is established, first relay process 106 is connected to 1) client 102 at client port X 110 via well-known port A 105 at server 101 and 2) server process 114 on server port B 312. First relay process 106 may relay data between server port B 312 at server process 114 and client 102 via well-known port A 105 at server 101. Firewall 104 passes the data transferred on the active connection between server port B 312 and client port X 110, as discussed above.

In a similar manner, a second relay process 107 may initiate a local connection between server port C 313 on server process 114 and server port F 309. Once this connection is established, second relay process 107 is connected to 1) client 102 at client port Y 111 via well-known port A 105 at server 101 and 2) server process 114 on local server port C 313. Second relay process 107 may relay data between server port C 313 at server process 114 and client 102 via well-known port A 105 at server 101. Firewall 104 passes the data transferred on the active connection between server port C 313 and client port Y 111, because the connection originated on well-known port A 105 at server 101.

Control process 103 may continue to accept other connections between client 102 and server process 114. The dotted line 321 between the client and control process 103 illustrates that control process 103 may continue to actively listen for additional connection requests then pass, by inheritance, each additional connection to a relay process. Control process 103 may ultimately accept N (in this example three) parallel connections and create N relay processes. As a result, the system 300 may transfer data through firewall 104 on N connections to/from N local server process ports to the client via the same well-known port 105 on the server.

In some embodiments, the N local ports on the server process may transmit data on N parallel connections to a corresponding local port on each of the N relay processes; and the N relay processes may relay the data to the client via the well-known port at the server. Similarly, the N relay processes may receive data on each of the N parallel connections from the client via the well-known port at the server. The N relay processes may then relay the data from the N local ports on the relay processes to the N local ports on the server process.

Once N connections are established between a server process and the client, data may be transferred at a rate approaching N times faster than if the client and the server process had established a single connection for the data transfer. A single collective data transfer may be executed on the N connections in parallel, thereby increasing throughput and data transfer rates. This may be especially advantageous in larger data transfers. In various embodiments of the invention, the data may be split into smaller chunks and passed over the N parallel connections.
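An added sketch of the FIG. 3 arrangement (not code from the patent): a control process accepts N connections on one port, forks a relay per connection so the accepted socket passes by inheritance, and each relay bridges to one local server port. The one-line port request and the check against the advertised port list are assumptions, since the patent defines no wire format; the check keeps a client from steering a relay toward a local port that the firewall opening was never meant to expose.

```python
import os
import select
import signal
import socket

HOST = "127.0.0.1"
CHUNKS = [b"A" * 20000, b"B" * 20000, b"C" * 20000]  # constructed sample data

def spawn(fn, *args):
    pid = os.fork()
    if pid == 0:  # child: run fn, then exit without returning to the caller
        try:
            fn(*args)
        finally:
            os._exit(0)
    return pid

def server_process(listeners):
    """Stands in for server process 114: one chunk per available local port."""
    chunk_for = dict(zip(listeners, CHUNKS))
    while True:
        for lsock in select.select(listeners, [], [])[0]:
            with lsock.accept()[0] as conn:
                conn.sendall(chunk_for[lsock])

def relay_process(client, allowed_ports):
    """Relay: inherited client socket <-> one advertised local port."""
    with client, client.makefile("rb") as reader:
        request = reader.readline(16).strip()  # assumed format: b"<port>\n"
        port = int(request) if request.isdigit() else -1
        if port in allowed_ports:  # refuse any port that was not advertised
            with socket.create_connection((HOST, port)) as local:
                while data := local.recv(65536):
                    client.sendall(data)

def control_process(well_known, allowed_ports, n):
    """Accept n connections on the single port; fork one relay for each."""
    relays = []
    for _ in range(n):
        client, _ = well_known.accept()
        relays.append(spawn(relay_process, client, allowed_ports))
        client.close()  # the relay child keeps its inherited copy
    for pid in relays:
        os.waitpid(pid, 0)

def client_fetch(port, requested_ports):
    # Open all N connections to the same server port before reading any.
    conns = [socket.create_connection((HOST, port)) for _ in requested_ports]
    for c, p in zip(conns, requested_ports):
        c.sendall(b"%d\n" % p)
    parts = [b"".join(iter(lambda: c.recv(65536), b"")) for c in conns]
    for c in conns:
        c.close()
    return parts

def run_demo(bad_index=None):
    listeners = [socket.create_server((HOST, 0)) for _ in CHUNKS]
    well_known = socket.create_server((HOST, 0))  # stands in for port 105
    ports = [l.getsockname()[1] for l in listeners]
    single_port = well_known.getsockname()[1]
    requested = list(ports)
    if bad_index is not None:
        requested[bad_index] = single_port  # a port that was never advertised
    srv = spawn(server_process, listeners)
    ctl = spawn(control_process, well_known, set(ports), len(ports))
    parts = client_fetch(single_port, requested)
    os.waitpid(ctl, 0)
    os.kill(srv, signal.SIGTERM)
    os.waitpid(srv, 0)
    return parts
```

`run_demo()` returns the three chunks in order; `run_demo(bad_index=1)` returns an empty middle part because the relay drops the request for an unadvertised port.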

In some embodiments, the control process may relay data to/from a specified server process from/to a client on N connections via the well-known port without creating relay processes. In these embodiments, the control process may accept N connections from the client on the well-known port, then establish N local connections to the specified server process. Data may then be relayed between the client and the specified server process by the control process via the well-known port at the server.

Again, it is to be understood that the invention is not limited to data transfers occurring in a specific network direction (i.e. client to server, server to client, etc.), but encompasses any data transfer in a network including a firewall.

Various embodiments of the invention may be implemented to increase data transfer rates to/from any network entity. In addition, various embodiments of the invention may be used at the client side or at the server side or at a combination thereof.

It should also be understood that various embodiments of the invention may be implemented in software, hardware, or on a combination thereof.

Additional features and advantages of the invention are set forth in the description that follows, and in part are apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention are realized and gained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.

Although particular embodiments of the invention have been shown and described, it will be understood that it is not intended to limit the invention to the embodiments described above and it will be obvious to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. Thus, the invention is intended to cover alternatives, modifications, and equivalents, which may be included within the spirit and scope of the invention as defined by the claims.

1. A method of increasing data transfer rates in a network including a firewall, the method comprising: receiving a connection request from a client for a plurality of parallel connections to a specified server process operating at a server, the connection request received at the server on a communication port; transmitting a list of available server ports to the client in response to the connection request; receiving a first request from the client for a connection to a first one of the available server ports, the first request received at the server on said communication port; accepting a first connection to the client, the first connection accepted at the server on said communication port; creating a first process at the server to manage the first connection to the client on said communication port; establishing a first local connection to the specified server process, the connection established by the first process to the first one of the available server ports on the specified server process; receiving a second request from the client for a connection to a second one of the available server ports, the second request received at the server on said communication port; accepting a second connection to the client, the second connection accepted at the server on said communication port; creating a second process at the server to manage the second connection to the client on said communication port; establishing a second local connection to the specified server process, the connection established by the second process to the second one of the available server ports on the specified server process; and executing a data transfer between the specified server process and the client, wherein the data transfer occurs in parallel on the first connection and the second connection at the server on said communication port, and wherein the first process and the second process relay data between the first and second ones of the available server ports on the specified server process and the client via the first connection and the second connection at the server on said communication port.
2. The method of claim 1, wherein the first process and second process are created by and are child processes of a control process operating at the server.
3. The method of claim 2, wherein creating a first process at the server to manage the first connection to the client comprises transferring the first connection on said communication port from the control process to the first process via inheritance.
4. The method of claim 2, wherein creating a second process at the server to manage the first connection to the client comprises transferring the second connection on said communication port from the control process to the second process via inheritance.
5. The method of claim 1 further comprising: listening on said communication port at the server for other requests from the client for connections to other ones of the available server ports.
6. The method of claim 1 further comprising: receiving a third request from the client for a connection to a third one of the available server ports, the third request received at the server on said communication port; accepting a third connection to the client, the third connection accepted at the server on said communication port; creating a third process at the server to manage the third connection to the client on said communication port; and establishing a third local connection to the specified server process, the connection established by the third process to the third one of the available server ports on the specified server process.
7. The method of claim 1, wherein said communication port is a well-known port.
8. The method of claim 7, wherein the firewall is typically open to the well-known port.
9. The method of claim 7, wherein the firewall typically permits the client to access the well-known port.
10. The method of claim 1, wherein said communication port is a port reserved for communication with clients.
11. A method for increasing data transfer rates in a network including a firewall, the method comprising: accepting a first connection to a client, the first connection accepted at a server on a communication port; creating a first process at the server to manage the first connection to the client, wherein the first process manages the first connection to the client at the server on said communication port; accepting a second connection to the client, the second connection accepted at the server on said communication port; creating a second process at the server to manage the second connection to the client, wherein the second process manages the second connection to the client at the server on said communication port; and transferring data in parallel between the client and the server using the first connection and the second connection at the server on said communication port.
12. The method of claim 11, wherein accepting a first connection to a client comprises accepting the first connection by a control process operating at the server, and wherein accepting a second connection to the client comprises accepting the second connection by the control process operating at the server.
13. The method of claim 12, wherein creating a first process at the server to manage the first connection to the client comprises creating, by the control process, the first process.
14. The method of claim 12, wherein the first process and second process are child processes of the control process operating at the server.
15. The method of claim 12, wherein creating a first process at the server to manage the first connection to the client comprises: creating, by the control process, the first process; and transferring the first connection on said communication port from the control process operating at the server to the first process by inheritance.
16. The method of claim 12, wherein creating a second process at the server to manage the second connection to the client comprises: creating, by the control process, the second process; and transferring the second connection on said communication port from the control process operating at the server to the second process by inheritance.
17. The method of claim 11, wherein the first process and the second process are relay processes operating at the server that relay data between the client and a specified server process on said communication port.
18. The method of claim 11, wherein said communication port is a well-known port.
19. The method of claim 18, wherein the firewall is typically open to the well-known port.
20. The method of claim 18, wherein the firewall permits the client to access the well-known port.
21. The method of claim 11 further comprising: establishing a first local connection between the first process and a specified server process that responds to a request for a connection made by the client; and establishing a second local connection between the second process and the specified server process that responds to a request for a connection made by the client.
22. The method of claim 21 further comprising: transferring data in parallel between the client and the server using the first connection and the local first connection, and the second connection and the local second connection.
23. The method of claim 11 further comprising: accepting a third connection to the client, the third connection accepted at the server on said communication port; and creating a third process at the server to manage the third connection to the client, wherein the third process manages the third connection to the client at the server on said communication port.
24. The method of claim 11 further comprising: listening on said communication port at the server for one or more requests from the client for one or more connections to a specified server process on one or more available server ports.
25. A system for increasing data transfer rates in a network including a firewall, the system comprising: a control process operating at the server that accepts a first connection to a client and a second connection to the client, wherein the first connection and the second connection are accepted at the server on a communication port; a first relay process that receives the first connection transferred by the control process; and a second relay process that receives the second connection transferred by the control process.
26. The system of claim 25, wherein the first relay process manages the first connection to the client at the server on said communication port.
27. The system of claim 26, wherein the second relay process manages the second connection to the client at the server on said communication port.
28. The system of claim 27, wherein the first relay process establishes a first local connection to a specified server process.
29. The system of claim 28, wherein the second relay process establishes a second local connection to the specified server process.
30. The system of claim 29, wherein the first relay process and the second relay process relay data in parallel between the specified server process and the client on the first connection at the server on said communication port and the second connection at the server on said communication port.
31. The system of claim 25, wherein the control process accepts the first connection and the second connection in response to at least two requests from the client to be connected to a specified server process, the at least two requests from the client received by the control process on said communication port at the server.
32. The system of claim 25, wherein the first relay process and the second relay process are created at the server by the control process.
33. The system of claim 25, wherein the first relay process, the second relay process, and the control process are operating system processes running at the server.
34. The system of claim 25, wherein the first relay process inherits the first connection from the control process, and wherein the second relay process inherits the second connection from the control process.
35. The system of claim 25, wherein said communication port is a well-known port.
36. The system of claim 35, wherein the firewall is typically open to the well-known port.
37. The system of claim 35, wherein the firewall permits the client to access the well-known port.
38. A system for increasing data transfer rates in a network including a firewall, the system comprising: a control process that accepts two or more connections to a client at the server on a communication port; a first relay process that maintains a first connection to the client at the server on said communication port, wherein the first relay process is created by and receives the first connection from the control process; a second relay process that maintains a second connection to a client at the server on said communication port, wherein the second relay process is created by and receives the second connection from the control process; a server process that is accessed by the client such that data is transferred between the client and the server over the first connection and the second connection in parallel.
39. A system for increasing data transfer rates in a network including a firewall, the system comprising: request receiving means for receiving a first request from a client for a connection to a first one of a plurality of available server ports and a second request from the client for a connection to a second one of the plurality of available server ports, the first request and the second request received at the server on a communication port; connection accepting means for accepting a first connection and a second connection to the client, the first connection and the second connection accepted at the server on said communication port; and data transfer means for transferring data in parallel between the client and the server using the first connection and the second connection.
40. The system of claim 39, wherein the data transfer means includes: a first connection managing means for managing the first connection between the client and a server process that responds to a request for a connection made by the client; and a second connection managing means for managing the second connection between the client and the server process that responds to a request for a connection made by the client.
41. The system of claim 40, wherein the first connection managing means and the second connection managing means facilitate a collective data transfer in parallel over the first connection and the second connection via said communication port.
42. The system of claim 40, wherein the first connection is transferred from the connection accepting means to the first connection managing means via inheritance.
43. The system of claim 40 further comprising local connection establishing means for establishing a first local connection between the first connection managing means and the server process on a first one of the plurality of available server ports and for establishing a second local connection between the second connection managing means and the server process on a second one of the plurality of available server ports.
44. A system for increasing data transfer rates in a network including a firewall, the system comprising: first connection accepting means for accepting a first connection to a client, the first connection accepted at a server on a communication port; first process creating means for creating a first process to manage the first connection to the client at the server on said communication port; second connection accepting means for accepting a second connection to the client, the second connection accepted at the server on said communication port; and second process creating means for creating a second process to manage the second connection to the client at the server on said communication port.
45. A method of increasing data transfer rates in a network including a firewall, wherein the method is conducted by an operating system control process running at a server, the method comprising: receiving a first request from a client for a connection to a server process, the first request received at the server on a communication port; accepting a first connection to the client, the first connection accepted at the server on said communication port; creating a first child process to manage the first connection to the client, wherein the first connection is transferred to the first child process by inheritance; receiving a second request from the client for a connection to the server process, the second request received at the server on said communication port; and accepting a second connection to the client, the second connection accepted at the server on said communication port.
46. The method of claim 45 further comprising: creating a second child process to manage the second connection to the client, wherein the second connection is transferred to the second child process by inheritance.
47. The method of claim 46 further comprising: executing a collective data transfer between the server process and the client in parallel on the first connection to the client and the second connection to the client, wherein the first child process and the second child process relay data between the client and the server process via said communication port.
48. The method of claim 45, wherein said communication port is a well-known port.
49. The method of claim 45, wherein said communication port is a port reserved for communication with the client.
50. The method of claim 48, wherein the firewall permits the client to access the well-known port.
51. A method of increasing data transfer rates in a network including a firewall, the method comprising: receiving a first request from a client for a connection to a first available port on a server process, the first request received at the server on a communication port; accepting a first connection to the client, the first connection accepted at the server on said communication port; establishing a first local connection to the first available port on the server process; receiving a second request from the client for a connection to a second available port on the server process, the second request received at the server on said communication port; accepting a second connection to the client, the second connection accepted at the server on said communication port; establishing a second local connection to the second available port on the server process; transferring data in parallel between the client and the server process via the first connection, the first local connection, the second connection, and the second local connection.
52. The method of claim 51, wherein the method is conducted by a control process running at the server.